From eec50b21f6d74de4e69a2c649799452736a494b1 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 27 Jan 2011 15:00:14 -0800
Subject: Change "security=share" to downgrade to SMB1 from SMB2, rather than
 trying to fake it.

---
 source3/param/loadparm.c   | 13 ++++++++++++-
 source3/smbd/smb2_server.c |  8 --------
 2 files changed, 12 insertions(+), 9 deletions(-)

(limited to 'source3')

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b45e045d64..3abebf4714 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -5789,7 +5789,18 @@ FN_GLOBAL_INTEGER(lp_passwordlevel, &Globals.pwordlevel)
 FN_GLOBAL_INTEGER(lp_usernamelevel, &Globals.unamelevel)
 FN_GLOBAL_INTEGER(lp_deadtime, &Globals.deadtime)
 FN_GLOBAL_BOOL(lp_getwd_cache, &Globals.getwd_cache)
-FN_GLOBAL_INTEGER(lp_maxprotocol, &Globals.maxprotocol)
+FN_GLOBAL_INTEGER(_lp_maxprotocol, &Globals.maxprotocol)
+int lp_maxprotocol(void)
+{
+	int ret = _lp_maxprotocol();
+	if ((ret == PROTOCOL_SMB2) && (lp_security() == SEC_SHARE)) {
+		DEBUG(2,("WARNING!!: \"security = share\" is incompatible "
+			"with the SMB2 protocol. Resetting to SMB1.\n" ));
+			lp_do_parameter(-1, "max protocol", "NT1");
+		return PROTOCOL_NT1;
+	}
+	return ret;
+}
 FN_GLOBAL_INTEGER(lp_minprotocol, &Globals.minprotocol)
 FN_GLOBAL_INTEGER(lp_security, &Globals.security)
 FN_GLOBAL_LIST(lp_auth_methods, &Globals.AuthMethods)
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index fef9dede26..fc2af475f2 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2169,14 +2169,6 @@ void smbd_smb2_first_negprot(struct smbd_server_connection *sconn,
 	struct smbd_smb2_request *req = NULL;
 	struct tevent_req *subreq;
 
-	if (lp_security() == SEC_SHARE) {
-		DEBUG(2,("WARNING!!: \"security = share\" is deprecated for "
-			"SMB2 servers. Mapping to \"security = user\" and "
-			"\"map to guest = Bad User\"\n" ));
-		lp_do_parameter(-1, "security", "user");
-		lp_do_parameter(-1, "map to guest", "Bad User");
-	}
-
 	DEBUG(10,("smbd_smb2_first_negprot: packet length %u\n",
 		 (unsigned int)size));
 
-- 
cgit